SIR SYED UNIVERSITY OF

ENGINEERING AND TECHNOLOGY

INFORMATION SECURITY
( SWE313T )

ASSIGNMENT# 01

SUBMITTED TO: Engr. Hassan Zaki

SUBMITTED BY: SADIA SARFRAZ 2020F-BSE-297
AIMEN SAJID 2020F-BSE-299
SECTION : F
Semester : 6th
Information Security ( SWE313T ) ASSIGNMENT 1 SSUET/QR/114

QUESTION 1:

a) Search any latest Security attack and briefly describe it in your own words, taking into account the CIA Triad.

ANSWER:

One recent security attack that made headlines is the SolarWinds supply chain attack that was discovered in late
2020. This attack targeted SolarWinds, a software company that provides network monitoring and management
tools to numerous organizations, including government agencies and Fortune 500 companies.

The attack involved hackers inserting malicious code into SolarWinds' software updates, which were then
distributed to the company's customers. The code allowed the attackers to gain access to the networks of the
affected organizations and steal sensitive data.

In terms of the CIA Triad, the attack compromised all three aspects: confidentiality, integrity, and availability.
Confidentiality was breached as the attackers were able to access and exfiltrate sensitive data from the
compromised networks. Integrity was compromised as the attackers were able to alter data within the networks,
potentially leading to the spread of false information or the manipulation of critical systems.

Availability was also affected as the attackers were able to disrupt the functioning of the networks, potentially
causing downtime or service outages.

This attack highlights the importance of supply chain security and the need for organizations to implement strong
security measures throughout their entire ecosystem, including third-party vendors and suppliers.

b) Discuss different Information Security domains like SOC, GRC, IS Audit, Pen Tester, Cyber Forensic?

ANSWER:

There are several domains in information security that are crucial for ensuring the security of an organization's
information systems. Here are brief descriptions of some of the major domains:

 Security Operations Center (SOC):

A SOC is responsible for monitoring and analyzing an organization's security posture and responding to security
incidents. It typically consists of a team of security analysts who use tools like SIEM (Security Information and
Event Management) and threat intelligence feeds to detect and respond to security threats.

 Governance, Risk, and Compliance (GRC):

GRC encompasses the processes and controls that organizations put in place to ensure they comply with relevant
laws, regulations, and industry standards. This includes activities like risk management, compliance assessments,
and policy development.

1
Information Security ( SWE313T ) ASSIGNMENT 1 SSUET/QR/114

 Information Systems Audit:

An IS audit is a review of an organization's information systems, policies, and procedures to ensure they are
aligned with business objectives and comply with relevant laws and regulations. IS audits are typically performed
by independent auditors and can include both internal and external audits.

 Penetration Testing:

Penetration testing (or pen testing) involves attempting to exploit vulnerabilities in an organization's information
systems in order to identify weaknesses and improve security. Pen testers simulate real-world attacks to test an
organization's defenses and provide recommendations for improving security.

 Cyber Forensics:

Cyber forensics involves the collection, preservation, and analysis of digital evidence to support investigations
into cybercrime. This can include activities like analyzing network traffic, recovering deleted files, and tracking
the movements of hackers.

Each of these domains is critical to ensuring the security of an organization's information systems. By working
together and leveraging their respective expertise, security professionals in these domains can help organizations
stay one step ahead of the ever-evolving threat landscape.

QUESTION 2:

Encrypt and Decrypt your first name using PLAYFAIR Cipher if Key is your father’s first name?

SOLUTION:

Key: SARFRAZ

S A R F Z
B C D E G
H I/J K L M
N O P Q T
U V W X Y

Plain Text: SA DI AX

Cipher Text: AR CK VF

2
 Information Security ( SWE313T ) ASSIGNMENT 1 SSUET/QR/114

QUESTION 3:

Encrypt “wearediscoveredsaveyourself” using VIGENERE Cipher if Key is your first name?

SOLUTION:

Key: AIMEN

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

KEY 0 8 12 4 13 0 8 12 4 13 0 8 12 4 13 0 8 12 4 13 0 8 12 4 13 0 8
P.T 22 4 0 17 4 3 8 18 2 14 21 4 17 4 3 18 0 21 4 24 14 20 17 18 4 11 5
C.T 22 12 12 21 17 3 16 30 6 27 21 12 29 8 16 18 8 33 8 37 14 28 29 22 17 11 13
MOD 22 12 12 21 17 3 16 4 6 1 21 12 3 8 16 18 8 7 8 11 14 2 3 22 17 11 13

Plain Text: wearediscoveredsaveyourself

Cipher Text: wmmvrdqegbvmdiqsihilocdwrlh

QUESTION 4:

Let the K be the 10-bit key 0111010001, Find K1 and K2 in S-DES?

SOLUTION:

Key: 0111010001

After P10 → 10101 ⋮ 10001

After LCS-1 → 01011 ⋮ 00011

After P8 → 00010111 ( key 1) After LCS-2 → 01101 ⋮ 01100

After P8 → 01101100 ( key 2)

3
Information Security ( SWE313T ) ASSIGNMENT 1 SSUET/QR/114

QUESTION 5:

Encrypt the Plain Text 11010101 in S-DES using above (Q4) K1 and K2 keys.

SOLUTION:

FOR KEY 1:

Plain text: 11010101

After IP → 1101 ⋮ 1100

After E/P → 01101001

After XOR → 0111 ⋮ 1110

↓ ↓

00 00

(0) (0)

After P4 → 0000

After SW → 00001101

FOR KEY 2:

Plain text: 11010101

After IP → 1101 ⋮ 1100

After E/P → 01101001

After XOR → 0000 ⋮ 0101

↓↓

01 00

(1) (0)

After P4 → 1000

After SW → 10001101

After IP-1 → 01010011